Hello everyone,I have a question regarding the X509 Certificate check (https://docs.centreon.com/pp/integrations/plugin-packs/procedures/applications-protocol-x509/)I’m wondering if its possible to check the whole chain of certificate ?The situation is as follow :ROOT → CA → CERTThe Root is still OK The CA cert is expired The Cert is OK (but signed with a expired certificate)The usecase is when we are using deepssl.So that’s mean we will never see the cert in CRITICAL status, but only when the CA will be expired.UNKNOWN: Error creating SSL socket: , SSL error: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed I’m now wondering if we can monitor the whole cert chain for a website and see if the date is near (30 days for example) for the CA and ROOT ?Thanks !

Question

X509 Certificate - Check certificate chain

+8

Hello everyone,

I’m wondering if its possible to check the whole chain of certificate ?

The situation is as follow :

ROOT → CA → CERT

The usecase is when we are using deepssl.

So that’s mean we will never see the cert in CRITICAL status, but only when the CA will be expired.

UNKNOWN: Error creating SSL socket: , SSL error: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed

I’m now wondering if we can monitor the whole cert chain for a website and see if the date is near (30 days for example) for the CA and ROOT ?

Thanks !

+11

I saw there is a mode for the x509 module to use the ssl cli, so maybe there is advanced commands you can use ?

centreon-plugins/src/apps/protocols/x509/custom/opensslcli.pm at develop · centreon/centreon-plugins

+8

I do see the opensslcli but this look like tu be used to check SSH server and the exposed certificate.